From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 29 Mar 2018 23:15:08 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7182
X-Git-Tag: 7.0.7-29~272
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8b6212959f5660b30b62a81f1ac201c550d09256;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7182
---

diff --git a/coders/heic.c b/coders/heic.c
index fd30d1c6c..e5a30bf6c 100644
--- a/coders/heic.c
+++ b/coders/heic.c
@@ -452,7 +452,7 @@ static MagickBooleanType ParseIinfAtom(Image *image, DataBuffer *db,
   ctx->idsCount = count;
   if (ctx->itemInfo != (HEICItemInfo *) NULL)
     ctx->itemInfo=(HEICItemInfo *) RelinquishMagickMemory(ctx->itemInfo);
-  if (DBGetSize(db) < (8*count))
+  if ((8.0*count) > (double)DBGetSize(db))
     ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
       image->filename);
   ctx->itemInfo = (HEICItemInfo *)AcquireMagickMemory(sizeof(HEICItemInfo)*(count+1));
@@ -539,7 +539,7 @@ static MagickBooleanType ParseIpmaAtom(Image *image, DataBuffer *db,
 
     assoc_count = DBReadUChar(db);
 
-    if (assoc_count > MAX_ASSOCS_COUNT) {
+    if (assoc_count >= MAX_ASSOCS_COUNT) {
       ThrowAndReturn("too many associations");
     }